Fixing stuff (was Re: short Botnet list and Cashing in on DoS)
Stephen J. Wilcox
steve at telecomplete.co.uk
Sat Oct 9 14:20:09 UTC 2004
On Sat, 9 Oct 2004, Sean Donelan wrote:
> Why don't people want to fix their computers? And even worse, why are
> so many people unsuccessfull fixing their computers?
I had a thread on this a month or two ago (i think it was nanog).. the simple
answer that I find is they just dont care and/or are incapable.
They dont care in that for many people, providing the computer still works,
you're not getting charged (like you would be for pbx hacks) and they dont
consider their PC to be critical to their daily lives they have no motivation to
find the information and start to care.
And they are incapable in that many recent worms/malware have spoofed being from
authorities such as banks, microsoft, their ISP and they cannot distinguish
between real and spoof and therefore ignore it when windows pops up to tell them
they need to install the latest security patch. Coupled with this, they dont
understand what virus scanners, firewalls, security patches are and think that
by having one of these it will (a) be an all round security solution (b) not
need their intervention to setup and maintain it.
> If virus writes are smart enough to infect their computers with one-click,
> perhaps the good guys can come up with ways to fix their computer with
> one-click.
Of course the good guys are constrained by the law which the bad guys arent, we
have seen instances of worms designed to close holes on computers but they are
illegal (and didnt work).
Also, the good guys always seek user authorisation (eg the window which pops up
asking you if you want to install the latest dat) and I suggested above this is
problematic for several reasons (user confusion, not wanting to install at that
moment etc) .. the bad guys just go ahead and infect - and usually their payload
is tiny compared to the Mbs we have to download each month in defenses.
And of course, the final blow .. our OSes and apps will inevitably have holes in
them, thats a consequence of complexity and I'm not sure how you can overcome
that even with much more stringent testing and programming rules.. some of these
hacks are pretty damn clever, abusing systems and having one system exploit a
weakness in another system (eg using IE to circumvent OS security levels) in
ways their designers never imagined and catered for. You only need to find one
chink in the systems to produce malware but you need to find all the bugs to
produce security apps.
Steve
More information about the NANOG
mailing list